THE HISTORY OF PORT SECURITY IN THE U.S. – THE SUCCESSES AND
CHALLENGES TO COME
Background:
When two airplanes struck the World Trade Centers in NYC on 9/11/2001, the U.S. not only woke up
to the dangers of terrorism, but we realized that terrorists could strike our shores as well.
Congress and the country became unified behind new laws and regulations to protect the homeland.
The attention was placed first on aviation safety – understandably because the terrorists struck the
two towers --and the Pentagon – and aimed at the U.S. Capitol --using airplanes. Congress passed
major aviation safety legislation – from which we obtained the Transportation Security
Administration, new cargo screening requirements, and new security regulations for cockpit doors
and new requirements for passenger screening.
Soon after, the Congress turned its attention to maritime security. And in 2002 passed the Maritime
Transportation Security Act (MTSA) (Pub. L. 107-295) which established the regime for maritime and
port security in the U.S. that we follow to this day. The law has been amended a few times but the
basic principles remain the same.
The MTSA was intended to implement the International Ship and Port Facility Security (or ISPS)
Code and it follows the Code and goes beyond it, too, in a few instances.
The MTSA included new requirements for maritime security, including:
 Establishment of Area Maritime Security Committees, chaired by the U.S. Coast Guard
Captain of the Port;
 The conduct of Vulnerability Assessments for all ports, vessels, cruise ships (of more than
150 passengers or more than 100 GTs), and facilities;
 The completion of Maritime Security Plans for ports, vessels, cruise ships and facilities at
ports – to be approved by the Coast Guard and intended to have regular drills and
exercises;
 The requirement for 24-hour notice before a ship could enter a U.S. port;
 The carriage of Automated Identification Systems or AIS for most commercial and large
passenger vessels; and
 The requirement for biometric (with fingerprints) identification cards or TWIC cards as they
are known.
Implementation of MTSA, the Container Security Initiative and C-TPAT
In implementing MTSA, the Customs and Border Protection Bureau of the newly created Department
of Homeland Security also established initially by regulation three critical programs for screening
cargo that comes into the U.S. on container ships. And in the U.S. we have more than 10M
containers come into the U.S. through our ports every year. These programs are the Secure Freight
Initiative, the Container Security Initiative and the Customs-Trade Partnership Against Terrorism (CTPAT) Program.
I think the beauty of these programs – which I give credit to Robert Bonner – the head at the time of
CBP – is that they really pushed the borders of the U.S. far outside the U.S. Our commerce – as is
yours – is a worldwide business and therefore cargo from around the world had to be examined and
checked.
This regime has greatly protected U.S. ports – by screening cargo overseas, by engaging in
partnerships with more than 6,000 U.S. importers --in effect creating a trusted shipper program –
and by entering into agreements with partners including many of your countries under the CSI
Program.
Congress has tinkered with MTSA a few times – with the 2006 Safe Port Act and the 9/11
Commission Act. The Safe Port Act required all containers entering the U.S. to be scanned for
radiation and codified and strengthened the C-TPAT Program. The Implementing the
Recommendations of the 9/11 Commission Act established the requirement that 100% of the cargo
entering the U.S. would be scanned for weapons of mass destruction.
The 100% Scanning Requirement: Is it Feasible?
The 100% requirement has been quite controversial in the U.S. and elsewhere and has really never
been implemented. The Secretary of Homeland Security has the authority to waive the law for twoyear increments and Secretary Napolitano did just that 2 years ago. She found that imposing this
requirement would be too costly and would impede commerce and trade into the U.S. The waiver
expires this summer and I expect that it will be renewed by the current Secretary.
Has the MTSA Regime Been a Success?
I think we have to say yes. To my knowledge, there have been no major terrorist incidents at a U.S.
port since its enactment. [Some incidents may have been thwarted – at least I hope so --but I am not
privy to these.] Can more be done? Always – and at the end I will mention some of the items that I
call unfinished business for maritime and port security.
Who Is Responsible Should a Terrorist Incident Occur at a U.S. Port?
The 360 + U.S. ports are largely managed by public entities and the tenants are largely from the
private sector, so responsibility and liability is divided between the two sectors.
On the one hand, the public ports have the benefit of “sovereign immunity.” Sovereign immunity
comes from the British common law that the sovereign can do no wrong.
The NYS Court of Appeals found in a 2011 decision that the Port of New York and New Jersey had
the benefit of sovereign immunity after the earlier 1993 attack on the Port which resulted in loss of
life and property. The Court found that the Port had exercised due care and did not have the
obligation to strengthen the perimeters of the garage through which the terrorists entered in 1993.
This reminds me that those who forget history are doomed to repeat it – so said Edmund Burke.
It remains to be seen whether this form of immunity will be afforded to a port that has not exercised
the proper amount of care.
Anyway, all ports should initially determine their legal status under their country laws and determine
if they are eligible to invoke this principle.
Liability of Private Terminal Owners and Operators
On the other hand, the private terminal owners and operators would not necessarily have this
advantage and they can be sued in the event of a terrorist incident if they have been negligent.
After 9/11, there was a threat of multiple lawsuits against private companies working in port security
and Congress passed new legislation – called the SAFETY Act. Under this Act, private companies
and port operators can seek the protection of the law by having their products and services certified
by the DHS as being Qualified Anti-Terror Technologies or QATTS.
If the product is designated by DHS its liability is capped at certain agreed-upon insurable rates. If
the product or service is certified, the company can obtain the benefit of quasi – immunity or the
immunity of a government contractor. It’s definitely worthwhile if you are in the port security business
to obtain the protections of the SAFETY Act. And many companies have done just that.
After 9/11, of course there were multiple lawsuits filed against the airlines and the insurance
companies. Just last year, the final 9/11 lawsuit was settled between Cantor Fitzgerald and
American Airlines to the tune of $135M. Cantor Fitzgerald, a major occupant of the top floors of the
North Tower was decimated when AA Flight 11 hit that tower. They lost over 650 employees on
9/11. (The original lawsuit was for over $1B).
Then there are many cases that have come to the federal courts challenging the scope of insurance
policies that tenants in and around the WTC’s had. Of course, the best insurance is anti-terror
insurance but this may be difficult and expensive to obtain. Under standard insurance clauses,
companies are entitled for compensation for certain quantifiable damages --up to the limits of their
policies -- until they can start operating the business again – but not necessarily in the same
location. For a good article summarizing these insurance cases, I recommend reading: “Ten Years
After 9/11: Property Insurance Lessons Learned” by Scott Johnson. The lesson is Caveat Emptor
and Read the Small Print of your insurance policies.
So – the four levels of protection for ports and port and terminal owners and operators include: 1)
sovereign immunity; 2) terrorism insurance; 3) standard insurance policies; and 4) in the U.S, the
benefits of the SAFETY Act.
What Are the Future Security Challenges for Ports? What are the Unmet
Issues?
 Small recreational vessels and fishing
vessels – Remember the USS Cole.
 AIS – it’s not required for all vessels;
 Cybersecurity;
 Declining budgets for the Coast Guard
and for FEMA Port security Grants;
 Readers for TWIC cards;
 100% Container Scanning vs. Screening;
 Container Security Devices; and
 Perimeter Security.
I just want to return briefly to the subject of cybersecurity. It’s definitely a challenge for all critical
infrastructure and all of us who use the Internet and charge cards. In the U.S., the President has
issued an Executive Order and NIST/Dept. of Commerce has created a new voluntary framework of
best cybersecurity practices. But Congress has not passed any new Cyber legislation and the
standards are voluntary to date for most CI sectors.
In the latest Port Security Grant announcement by DHS/FEMA, ports are now able to use some of
their (dwindling) port security grants to perform cyber vulnerability assessments. Some U.S. ports
have already done this. For example, L.A. has used part of a grant to protect its computer networks,
and Long Beach has spent considerable grant moneys to build a secure communication
infrastructure.
Unfortunately, we are always responding to the latest crisis. But I have to conclude that the U.S. port
security regime has been successful to date. Should we ever have a terrorist bomb enter a U.S. port
through a shipping container and be detonated, the damage will be substantial, the costs
astronomical, and the event will be sure to wreak havoc on our collective psyche. And, it will –
unfortunately as these crises always do – bring our attention back to the law and Congress will have
to decide whether a new regime is needed.
In the meantime, I hope you are all practicing safe port security practices and training for whatever
eventuality may come your way.
I wish you all the best at this conference and when you get back home.
Muchas gracias por sus attenciones hoy.
I am glad to answer any questions you may have.
I can be reached at: Bondareff@BlankRome.com.